https://bz.apache.org/bugzilla/show_bug.cgi?id=61114
Konstantin Kolinko <knst.koli...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from Konstantin Kolinko <knst.koli...@gmail.com> ---
1. The option already exists. Looking at the oldest version supported now
(7.0.x), it is named "logArgs", in all newer versions as well.
http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html
2. Passing secrets via command line arguments is well-known bad idea / SNAFU,
because they are visible to other local users that can run "ps" command or read
"/proc/<pid>/cmdline".
A better idea will be to put them into conf/catalina.properties
Also see the FAQ
https://wiki.apache.org/tomcat/FAQ/Password
Note that system properties are not logged by default configuration of
VersionLoggerListener (configured by the "logProps" attribute).
3. Command line arguments provide important information for troubleshooting.
JVM options, memory size configuration, logging configuration.
4. Logs are well known to contain sensitive information (e.g. they may contain
session ids) and shall be protected from world-wide access.
I do not see what can be improved here. Closing as WONTFIX.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
